HackTheBox - Gobox

SSTI in Golang, abuse S3 bucket, and NGINX backdoor

Linux · S3 · AWS · LocalStack · Go · SSTI

HackTheBox - TheNotebook

Abusing JWT key identifier and breaking out of a Docker container

Linux · JWT · Webshell · CVE-2019-5736 · Docker · Sudo

HackTheBox - Spectra

Getting password from automatic login script of ChromeOS

HackTheBox - Passage

Leveraging USBCreator for local privilege escalation on Linux

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Linux · AWS · LocalStack · S3 · DynamoDB · Webshell

HackTheBox - Worker

Learn how Azure Pipelines can be abused

HackTheBox - SneakyMailer

Example of a phishing attack and PyPI package exploitation

Linux · SMTP · IMAP · Sylpheed · Phishing · Webshell

HackTheBox - Buff

Tunneling with Chisel to deliver a buffer overflow exploit

HackTheBox - Magic

SQLi for login bypass and embed webshell to an image file

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano